Symfony4登录无效凭据错误

Question

I am following this guide to set up a simple login form:

https://symfony.com/doc/current/security/form_login_setup.html

I have done everything from this doc, however when I try to login I get this error:

BadCredentialsException {#777 ▼
  -token: UsernamePasswordToken {#778 ▶}
  #message: "Bad credentials."
  #code: 0
  #file: "/var/www/html/advert-board/vendor/symfony/security/Core/Authentication/Provider/UserAuthenticationProvider.php"
  #line: 69
  trace: {▶}
}

I have followed some other similar questions but none of them helped me. Most common cases are usually related to the user registration rather than login. However by comparing the hashes in https://bcrypt-generator.com/ I can tell that the password is saved correctly. In any case this is my registration form:

RegistrationForm:

public function buildForm(FormBuilderInterface $builder, array $options)
{
    $builder
        ->add('email', EmailType::class)
        ->add('username', TextType::class)
        ->add('plainPassword', RepeatedType::class, [
            'type' => PasswordType::class,
            'first_options' => ['label' => 'Password'],
            'second_options' => ['label' => 'Repeat Password']
        ]);
}

public function configureOptions(OptionsResolver $resolver)
{
    $resolver->setDefaults([
        'data_class' => User::class,
        'csrf_protection' => true,
        'csrf_field_name' => '_token',
        'csrf_token_id'   => 'user_item',
    ]);
}

RegistrationController:

/**
 * @Route("/register", name="registration")
 *
 * @param Request $request
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder)
{

    $user = new User();
    $form = $this->createForm(RegistrationForm::class, $user);

    $form->handleRequest($request);

    if($form->isSubmitted() && $form->isValid()) {

        $params = $request->request->all();
        $password = $passwordEncoder->encodePassword($user, $user->getPlainPassword());

        $user->setPassword($password);

        $em = $this->getDoctrine()->getManager();
        $em->persist($user);
        $em->flush();

        return $this->redirectToRoute('homepage');
    }

    return $this->render('user/register.html.twig', [
        'form' => $form->createView()
    ]);
}

I can confirm that $user->getPlainPassword() is returning the correct string from the form password input.

My security.yml file:

security:
    encoders:
        App\Entity\User: bcrypt
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        in_memory: { memory: ~ }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login:
                login_path: login
                check_path: login
        secured_area:
            form_login:
                csrf_token_generator: security.csrf.token_manager
            # activate different ways to authenticate

            # http_basic: true
            # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: true
            # https://symfony.com/doc/current/security/form_login_setup.html

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
         - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/profile, roles: ROLE_USER }

The login.html.twig:

    {% if error %}
        {{ dump(error) }}
        <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

    <form action="{{ path('login') }}" method="post">
        <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

        <label for="username">Username:</label>
        <input type="text" id="username" name="_username" value="{{ last_username }}" />

        <label for="password">Password:</label>
        <input type="password" id="password" name="_password" />

        <input type="hidden" name="_target_path" value="/profile" />
        <button type="submit">login</button>
    </form>

This error has stoped my development for a full day an i am losing my mind over this!! What can actually be the problem here?

Answer 1

You need to define a user provider which loads the user from some data source. Currently you only have the in_memory user provider defined, so this is where symfony tries to load the users.

You could use the entity provider to use your user entity as a data source.

Add this to your security.yml :

providers:
    doctrine_user_provider:
        entity:
            class: App\Entity\User
            property: username